CVSS: 6.1EPSS: 76%CPEs: 25EXPL: 3CVE-2007-6203 – Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6203
03 Dec 2007 — Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Met... • https://www.exploit-db.com/exploits/30835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 0CVE-2007-4465 – mod_autoindex XSS
https://notcve.org/view.php?id=CVE-2007-4465
14 Sep 2007 — Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTT... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
23 Aug 2007 — The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a travé... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 15%CPEs: 17EXPL: 0CVE-2006-5752 – httpd mod_status XSS
https://notcve.org/view.php?id=CVE-2006-5752
27 Jun 2007 — Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mod_status.c en el módulo mod_status en Apache HTTP Server (httpd)... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 30%CPEs: 38EXPL: 0CVE-2007-1863 – httpd mod_cache segfault
https://notcve.org/view.php?id=CVE-2007-1863
27 Jun 2007 — cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. cache_util.c en el módulo mod_cache module en Apache HTTP Server (httpd), cuando caching está habilitado y el módulo de hilos Multi-Processing Module (MPM) est... • http://bugs.gentoo.org/show_bug.cgi?id=186219 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2007-3304 – httpd scoreboard lack of PID protection
https://notcve.org/view.php?id=CVE-2007-3304
20 Jun 2007 — Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache httpd versiones 1.3.37, 2.0.59 y 2.2.4 con el módulo Prefork MPM, permite a los usuarios locales causar una denegación de servicio por la modificación de las matrices worker_score y process_score para hacer referencia ... • ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc •
CVSS: 9.8EPSS: 27%CPEs: 44EXPL: 0CVE-2006-4154
https://notcve.org/view.php?id=CVE-2006-4154
16 Oct 2006 — Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. Vulnerabilidad de cadena de formato en el módulo mod_tcl 1.0 para Apache 2.x permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante especificadores de cadena de formato que no se manejan adecuadamente en una ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 •
CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 5CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
28 Jul 2006 — Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.... • https://www.exploit-db.com/exploits/2237 • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 5%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •
CVSS: 7.5EPSS: 23%CPEs: 26EXPL: 0CVE-2005-3357
https://notcve.org/view.php?id=CVE-2005-3357
31 Dec 2005 — mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U • CWE-399: Resource Management Errors •